ID: CVE-2014-6559
Type: cve
Reporter: NVD
Modified: 2017-01-02T21:59:10
Description
Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.
{"result": {"nessus": [{"id": "ALA_ALAS-2014-428.NASL", "type": "nessus", "title": "Amazon Linux AMI : mysql55 (ALAS-2014-428)", "description": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6491)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier.\nDifficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. (CVE-2014-6559)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. (CVE-2014-6500)\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. 
(CVE-2014-6494)", "published": "2014-10-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78558", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2018-04-19T07:48:11"}, {"id": "MANDRIVA_MDVSA-2014-210.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : mariadb (MDVSA-2014:210)", "description": "Multiple vulnerabilities has been discovered and corrected in mariadb :\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS (CVE-2014-6464).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER (CVE-2014-6469).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6507).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML (CVE-2014-6555).\n\nUnspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING (CVE-2014-6559).\n\nThe updated packages have been upgraded to the 5.5.40 version which is not vulnerable to these issues.\n\nAdditionally MariaDB 5.5.40 removed the bundled copy of jemalloc from the source tarball and only builds with jemalloc if a system copy of the jemalloc library is detecting during the build. 
This update provides the jemalloc library packages to resolve this issue.", "published": "2014-10-29T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78718", "cvelist": ["CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464"], "lastseen": "2017-10-29T13:44:11"}, {"id": "GENTOO_GLSA-201411-02.NASL", "type": "nessus", "title": "GLSA-201411-02 : MySQL, MariaDB: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201411-02 (MySQL, MariaDB: Multiple vulnerabilities)\n\n Multiple unspecified vulnerabilities have been discovered in MySQL.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "published": "2014-11-06T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78880", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-10-29T13:37:06"}, {"id": "SLACKWARE_SSA_2014-307-01.NASL", "type": "nessus", "title": "Slackware 14.1 / current : mariadb (SSA:2014-307-01)", "description": "New mariadb packages are available for Slackware 14.1 and -current to fix security issues.", "published": "2014-11-04T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78829", "cvelist": ["CVE-2014-6500", 
"CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-10-29T13:32:57"}, {"id": "MYSQL_5_6_21.NASL", "type": "nessus", "title": "MySQL 5.5.x < 5.5.40 / 5.6.x < 5.6.21 Multiple Vulnerabilities (October 2014 CPU)", "description": "The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.40 or 5.6.x prior to 5.6.21. It is, therefore, affected by errors in the following components :\n\n - C API SSL CERTIFICATE HANDLING\n - CLIENT:SSL:yaSSL\n - SERVER:DML\n - SERVER:INNODB DML FOREIGN KEYS\n - SERVER:OPTIMIZER\n - SERVER:SSL:yaSSL", "published": "2014-10-15T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78477", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-10-29T13:43:34"}, {"id": "FEDORA_2014-16003.NASL", "type": "nessus", "title": "Fedora 20 : mariadb-5.5.40-1.fc20 (2014-16003)", "description": "This is an update that fixes all issues described at https://mariadb.com/kb/en/mariadb/development/changelogs/mariadb-5540- changelog and also couple of security issues.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-12-15T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79905", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4287"], "lastseen": "2017-10-29T13:41:50"}, {"id": "UBUNTU_USN-2384-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS : mysql-5.5 vulnerabilities (USN-2384-1)", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. MySQL has been updated to 5.5.40.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information:\nhttp://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.h tml.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-10-16T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78505", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2017-10-29T13:34:26"}, {"id": "CENTOS_RHSA-2014-1861.NASL", "type": "nessus", "title": "CentOS 7 : mariadb (CESA-2014:1861)", "description": "Updated mariadb packages that fix several security issues are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. 
Refer to the MariaDB Release Notes listed in the References section for a complete list of changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct these issues. After installing this update, the MariaDB server daemon (mysqld) will be restarted automatically.", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79300", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:34:45"}, {"id": "JUNIPER_SPACE_JSA10698.NASL", "type": "nessus", "title": "Juniper Junos Space < 15.1R1 Multiple Vulnerabilities (JSA10698)", "description": "According to its self-reported version number, the version of Junos Space running on the remote device is prior to 15.1R1. It is, therefore, affected by multiple vulnerabilities :\n\n - An error exists within the Apache 'mod_session_dbd' module, related to save operations for a session, due to a failure to consider the dirty flag and to require a new session ID. An unauthenticated, remote attacker can exploit this to have an unspecified impact.\n (CVE-2013-2249)\n\n - An unspecified flaw exists in the MySQL Server component related to error handling that allows a remote attacker to cause a denial of service condition. (CVE-2013-5908)\n\n - A flaw exists within the Apache 'mod_dav' module that is caused when tracking the length of CDATA that has leading white space. 
An unauthenticated, remote attacker can exploit this, via a specially crafted DAV WRITE request, to cause the service to stop responding.\n (CVE-2013-6438)\n\n - A flaw exists within the Apache 'mod_log_config' module that is caused when logging a cookie that has an unassigned value. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to cause the service to crash. (CVE-2014-0098)\n\n - A flaw exists, related to pixel manipulation, in the 2D component in the Oracle Java runtime that allows an unauthenticated, remote attacker to impact availability, confidentiality, and integrity. (CVE-2014-0429)\n\n - A flaw exists, related to PKCS#1 unpadding, in the Security component in the Oracle Java runtime that allows an unauthenticated, remote attacker to gain knowledge of timing information, which is intended to be protected by encryption. (CVE-2014-0453)\n\n - A race condition exists, related to array copying, in the Hotspot component in the Oracle Java runtime that allows an unauthenticated, remote attacker to execute arbitrary code. (CVE-2014-0456)\n\n - A flaw exists in the JNDI component in the Oracle Java runtime due to missing randomization of query IDs. An unauthenticated, remote attacker can exploit this to conduct spoofing attacks. (CVE-2014-0460)\n\n - A flaw exists in the Mozilla Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificates.\n (CVE-2014-1568)\n\n - An unspecified flaw exists in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allows a remote attacker to impact integrity. (CVE-2014-6478)\n\n - Multiple unspecified flaws exist in the MySQL Server component related to the SERVER:SSL:yaSSL subcomponent that allow a remote attacker to impact confidentiality, integrity, and availability. 
(CVE-2014-6491, CVE-2014-6500)\n\n - Multiple unspecified flaws exist in the MySQL Server component related to the CLIENT:SSL:yaSSL subcomponent that allow a remote attacker to cause a denial of service condition. (CVE-2014-6494, CVE-2014-6495, CVE-2014-6496)\n\n - An unspecified flaw exists in the MySQL Server component related to the C API SSL Certificate Handling subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2014-6559)\n\n - An unspecified flaw exists in the MySQL Server component related to the Server:Compiling subcomponent that allows an authenticated, remote attacker to cause a denial of service condition. (CVE-2015-0501)\n\n - An XML external entity (XXE) injection vulnerability exists in OpenNMS due to the Castor component accepting XML external entities from exception messages. An unauthenticated, remote attacker can exploit this, via specially crafted XML data in a RTC post, to access local files. (CVE-2015-0975)\n\n - An unspecified flaw exists in the MySQL Server component related to the Server:Security:Privileges subcomponent that allows a remote attacker to disclose potentially sensitive information. (CVE-2015-2620)\n\n - A heap buffer overflow condition exists in QEMU in the pcnet_transmit() function within file hw/net/pcnet.c due to improper validation of user-supplied input when handling multi-TMD packets with a length above 4096 bytes. An unauthenticated, remote attacker can exploit this, via specially crafted packets, to gain elevated privileges from guest to host. (CVE-2015-3209)\n\n - Multiple cross-site scripting (XSS), SQL injection, and command injection vulnerabilities exist in Junos Space that allow an unauthenticated, remote attacker to execute arbitrary code. 
(CVE-2015-7753)", "published": "2016-06-23T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91778", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-0453", "CVE-2014-0098", "CVE-2015-0501", "CVE-2015-2620", "CVE-2014-6496", "CVE-2014-0456", "CVE-2014-0429", "CVE-2013-6438", "CVE-2014-6559", "CVE-2015-0975", "CVE-2014-1568", "CVE-2014-0460", "CVE-2014-6478", "CVE-2014-6491", "CVE-2013-2249", "CVE-2015-3209", "CVE-2015-7753", "CVE-2013-5908", "CVE-2014-6494"], "lastseen": "2017-10-29T13:40:56"}, {"id": "ORACLELINUX_ELSA-2014-1859.NASL", "type": "nessus", "title": "Oracle Linux 5 : mysql55-mysql (ELSA-2014-1859)", "description": "From Red Hat Security Advisory 2014:1859 :\n\nUpdated mysql55-mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 5.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server. Information about these flaws can be found on the Oracle Critical Patch Update Advisory page, listed in the References section.\n(CVE-2014-2494, CVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, CVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, CVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, CVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. 
Refer to the MySQL Release Notes listed in the References section for a complete list of changes.\n\nAll MySQL users should upgrade to these updated packages, which correct these issues. After installing this update, the MySQL server daemon (mysqld) will be restarted automatically.", "published": "2014-11-21T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79369", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-29T13:41:59"}], "amazon": [{"id": "ALAS-2014-428", "type": "amazon", "title": "Important: mysql55", "description": "**Issue Overview:**\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. ([CVE-2014-6491 __](<https://access.redhat.com/security/cve/CVE-2014-6491>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: C API SSL CERTIFICATE HANDLING). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to all MySQL Server accessible data. 
([CVE-2014-6559 __](<https://access.redhat.com/security/cve/CVE-2014-6559>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: SERVER:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized takeover of MySQL Server possibly including arbitrary code execution within the MySQL Server. ([CVE-2014-6500 __](<https://access.redhat.com/security/cve/CVE-2014-6500>))\n\nVulnerability in the MySQL Server component of Oracle MySQL (subcomponent: CLIENT:SSL:yaSSL). Supported versions that are affected are 5.5.39 and earlier and 5.6.20 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. ([CVE-2014-6494 __](<https://access.redhat.com/security/cve/CVE-2014-6494>))\n\n \n**Affected Packages:** \n\n\nmysql55\n\n \n**Issue Correction:** \nRun _yum update mysql55_ to update your system. 
\n\n \n**New Packages:**\n \n \n i686: \n mysql55-common-5.5.40-1.3.amzn1.i686 \n mysql55-embedded-devel-5.5.40-1.3.amzn1.i686 \n mysql55-devel-5.5.40-1.3.amzn1.i686 \n mysql55-debuginfo-5.5.40-1.3.amzn1.i686 \n mysql55-embedded-5.5.40-1.3.amzn1.i686 \n mysql55-bench-5.5.40-1.3.amzn1.i686 \n mysql55-test-5.5.40-1.3.amzn1.i686 \n mysql55-server-5.5.40-1.3.amzn1.i686 \n mysql55-libs-5.5.40-1.3.amzn1.i686 \n mysql55-5.5.40-1.3.amzn1.i686 \n \n src: \n mysql55-5.5.40-1.3.amzn1.src \n \n x86_64: \n mysql55-embedded-5.5.40-1.3.amzn1.x86_64 \n mysql55-embedded-devel-5.5.40-1.3.amzn1.x86_64 \n mysql55-test-5.5.40-1.3.amzn1.x86_64 \n mysql55-server-5.5.40-1.3.amzn1.x86_64 \n mysql55-devel-5.5.40-1.3.amzn1.x86_64 \n mysql55-common-5.5.40-1.3.amzn1.x86_64 \n mysql55-debuginfo-5.5.40-1.3.amzn1.x86_64 \n mysql55-bench-5.5.40-1.3.amzn1.x86_64 \n mysql55-5.5.40-1.3.amzn1.x86_64 \n mysql55-libs-5.5.40-1.3.amzn1.x86_64 \n \n \n", "published": "2014-10-16T22:14:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2014-428.html", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2016-09-28T21:04:01"}], "openvas": [{"id": "OPENVAS:1361412562310120190", "type": "openvas", "title": "Amazon Linux Local Check: ALAS-2014-428", "description": "Amazon Linux Local Security Checks", "published": "2015-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120190", "cvelist": ["CVE-2014-6500", "CVE-2014-6559", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-08-01T10:48:52"}, {"id": "OPENVAS:1361412562310121277", "type": "openvas", "title": "Gentoo Linux Local Check: https://security.gentoo.org/glsa/201411-02", "description": "Gentoo Linux Local Security Checks https://security.gentoo.org/glsa/201411-02", "published": "2015-09-29T00:00:00", 
"cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121277", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2018-04-09T11:27:13"}, {"id": "OPENVAS:1361412562310804781", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified vulnerabilities-02 Oct14 (Windows)", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "published": "2014-10-20T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804781", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-10-25T14:32:29"}, {"id": "OPENVAS:1361412562310808144", "type": "openvas", "title": "Oracle MySQL Multiple Unspecified Vulnerabilities-32 Jun16 (Linux)", "description": "This host is running Oracle MySQL and is\n prone to multiple unspecified vulnerabilities.", "published": "2016-06-03T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310808144", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2017-10-25T14:43:08"}, {"id": "OPENVAS:1361412562310882083", "type": "openvas", "title": "CentOS Update for mariadb CESA-2014:1861 centos7 ", "description": "Check the version of mariadb", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": 
"AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882083", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-07-25T10:48:46"}, {"id": "OPENVAS:1361412562310871293", "type": "openvas", "title": "RedHat Update for mysql55-mysql RHSA-2014:1859-01", "description": "Check the version of mysql55-mysql", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871293", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-08-04T10:48:43"}, {"id": "OPENVAS:703054", "type": "openvas", "title": "Debian Security Advisory DSA 3054-1 (mysql-5.5 - security update)", "description": "Several issues have been discovered in the MySQL database server. The\nvulnerabilities are addressed by upgrading MySQL to the new upstream\nversion 5.5.40. 
Please see the MySQL 5.5 Release Notes and Oracle", "published": "2014-10-20T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703054", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2017-08-02T10:49:05"}, {"id": "OPENVAS:1361412562310882084", "type": "openvas", "title": "CentOS Update for mysql55-mysql CESA-2014:1859 centos5 ", "description": "Check the version of mysql55-mysql", "published": "2014-11-18T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882084", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-08-04T10:48:58"}, {"id": "OPENVAS:1361412562310842009", "type": "openvas", "title": "Ubuntu Update for mysql-5.5 USN-2384-1", "description": "Check the version of mysql-5.5", "published": "2014-10-16T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842009", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", 
"CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2017-12-04T11:17:13"}, {"id": "OPENVAS:1361412562310105408", "type": "openvas", "title": "Multiple Vulnerabilities in Junos Space", "description": "Multiple vulnerabilities have been addressed in Junos Space 15.1R1 release.", "published": "2015-10-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105408", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-0453", "CVE-2014-0098", "CVE-2015-0501", "CVE-2015-2620", "CVE-2014-6496", "CVE-2014-0456", "CVE-2014-0429", "CVE-2013-6438", "CVE-2014-6559", "CVE-2015-0975", "CVE-2014-1568", "CVE-2014-0460", "CVE-2014-6478", "CVE-2014-6491", "CVE-2013-2249", "CVE-2015-3209", "CVE-2015-7753", "CVE-2013-5908", "CVE-2014-6494"], "lastseen": "2017-07-02T21:11:44"}], "gentoo": [{"id": "GLSA-201411-02", "type": "gentoo", "title": "MySQL, MariaDB: Multiple vulnerabilities", "description": "### Background\n\nMySQL is a popular multi-threaded, multi-user SQL server. MariaDB is an enhanced, drop-in replacement for MySQL. \n\n### Description\n\nMultiple unspecified vulnerabilities have been discovered in MySQL. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could exploit these vulnerabilities to cause unspecified impact, possibly including remote execution of arbitrary code, Denial of Service, or disclosure of sensitive information. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll MySQL users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mysql-5.5.40\"\n \n\nAll MariaDB users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-db/mariadb-5.5.40-r1\"", "published": "2014-11-05T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201411-02", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2016-09-06T19:47:06"}], "slackware": [{"id": "SSA-2014-307-01", "type": "slackware", "title": "mariadb", "description": "New mariadb packages are available for Slackware 14.1 and -current to\nfix security issues.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/mariadb-5.5.40-i486-1_slack14.1.txz: Upgraded.\n This update contains security fixes and improvements.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the "Get Slack" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mariadb-5.5.40-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/mariadb-5.5.40-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/mariadb-5.5.40-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 14.1 package:\nda0aff5bebbbdc0621359c0fea027ae6 mariadb-5.5.40-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\ndbb7d695a22ae538b5ad9c024823b190 mariadb-5.5.40-x86_64-1_slack14.1.txz\n\nSlackware -current package:\nf9ca4cf6015ddbb73dfba16c535caffc ap/mariadb-5.5.40-i486-1.txz\n\nSlackware x86_64 -current package:\n6924f64b6c147556a58a2c6f1929ab5e ap/mariadb-5.5.40-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg mariadb-5.5.40-i486-1_slack14.1.txz\n\nThen, restart the database server:\n > sh /etc/rc.d/rc.mysqld restart", "published": "2014-11-03T17:25:07", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.386696", "cvelist": ["CVE-2014-6500", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-6464", "CVE-2014-6491", "CVE-2014-6494"], "lastseen": "2018-02-02T18:11:31"}], "redhat": [{"id": "RHSA-2014:1860", "type": "redhat", "title": "(RHSA-2014:1860) Important: mysql55-mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. 
It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1860", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-28T05:49:11"}, {"id": "RHSA-2014:1862", "type": "redhat", "title": "(RHSA-2014:1862) Important: mariadb55-mariadb security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. 
(CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1862", "cvelist": ["CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-28T07:55:45"}, {"id": "RHSA-2014:1861", "type": "redhat", "title": "(RHSA-2014:1861) Important: mariadb security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. 
Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1861", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-04-15T18:30:18"}, {"id": "RHSA-2014:1940", "type": "redhat", "title": "(RHSA-2014:1940) Important: mariadb-galera security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. 
After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "published": "2014-12-02T21:44:45", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1940", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2018-03-19T19:50:20"}, {"id": "RHSA-2014:1937", "type": "redhat", "title": "(RHSA-2014:1937) Important: mariadb-galera security update", "description": "MariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL. Galera is a synchronous multi-master cluster for\nMariaDB.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-4274,\nCVE-2014-4287, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559, CVE-2012-5615, CVE-2014-4258, CVE-2014-4260,\nCVE-2014-2494, CVE-2014-4207)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll mariadb-galera users are advised to upgrade to these updated packages,\nwhich correct these issues. 
After installing this update, the MariaDB\nserver daemon (mysqld) will be restarted automatically.", "published": "2014-12-02T21:39:58", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1937", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-03-10T07:18:23"}, {"id": "RHSA-2014:1859", "type": "redhat", "title": "(RHSA-2014:1859) Important: mysql55-mysql security update", "description": "MySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n", "published": "2014-11-17T05:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:1859", "cvelist": ["CVE-2012-5615", "CVE-2014-2494", "CVE-2014-4207", "CVE-2014-4243", "CVE-2014-4258", "CVE-2014-4260", "CVE-2014-4274", "CVE-2014-4287", "CVE-2014-6463", "CVE-2014-6464", "CVE-2014-6469", "CVE-2014-6484", "CVE-2014-6505", "CVE-2014-6507", "CVE-2014-6520", "CVE-2014-6530", "CVE-2014-6551", "CVE-2014-6555", "CVE-2014-6559"], "lastseen": "2017-09-09T07:19:27"}], "debian": [{"id": "DSA-3054", "type": "debian", "title": "mysql-5.5 -- security update", "description": "Several issues have been discovered in the MySQL database server. The vulnerabilities are addressed by upgrading MySQL to the new upstream version 5.5.40. Please see the MySQL 5.5 Release Notes and Oracle's Critical Patch Update advisory for further details:\n\n * <https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html>\n * <https://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html>\n * <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>\n\nFor the stable distribution (wheezy), these problems have been fixed in version 5.5.40-0+wheezy1.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your mysql-5.5 packages.", "published": "2014-10-20T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3054", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", 
"CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2017-10-05T13:09:29"}], "centos": [{"id": "CESA-2014:1861", "type": "centos", "title": "mariadb security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1861\n\n\nMariaDB is a multi-user, multi-threaded SQL database server that is binary\ncompatible with MySQL.\n\nThis update fixes several vulnerabilities in the MariaDB database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287,\nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484,\nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551,\nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MariaDB to version 5.5.40. Refer to the\nMariaDB Release Notes listed in the References section for a complete list\nof changes.\n\nAll MariaDB users should upgrade to these updated packages, which correct\nthese issues. 
After installing this update, the MariaDB server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020761.html\n\n**Affected packages:**\nmariadb\nmariadb-bench\nmariadb-devel\nmariadb-embedded\nmariadb-embedded-devel\nmariadb-libs\nmariadb-server\nmariadb-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1861.html", "published": "2014-11-17T17:32:07", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020761.html", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-03T18:25:41"}, {"id": "CESA-2014:1859", "type": "centos", "title": "mysql55 security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:1859\n\n\nMySQL is a multi-user, multi-threaded SQL database server. It consists of\nthe MySQL server daemon (mysqld) and many client programs and libraries.\n\nThis update fixes several vulnerabilities in the MySQL database server.\nInformation about these flaws can be found on the Oracle Critical Patch\nUpdate Advisory page, listed in the References section. (CVE-2014-2494,\nCVE-2014-4207, CVE-2014-4243, CVE-2014-4258, CVE-2014-4260, CVE-2014-4287, \nCVE-2014-4274, CVE-2014-6463, CVE-2014-6464, CVE-2014-6469, CVE-2014-6484, \nCVE-2014-6505, CVE-2014-6507, CVE-2014-6520, CVE-2014-6530, CVE-2014-6551, \nCVE-2014-6555, CVE-2014-6559)\n\nThese updated packages upgrade MySQL to version 5.5.40. 
Refer to the MySQL\nRelease Notes listed in the References section for a complete list of\nchanges.\n\nAll MySQL users should upgrade to these updated packages, which correct\nthese issues. After installing this update, the MySQL server daemon\n(mysqld) will be restarted automatically.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-November/020762.html\n\n**Affected packages:**\nmysql55-mysql\nmysql55-mysql-bench\nmysql55-mysql-devel\nmysql55-mysql-libs\nmysql55-mysql-server\nmysql55-mysql-test\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-1859.html", "published": "2014-11-17T17:35:05", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-November/020762.html", "cvelist": ["CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2012-5615", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2017-10-03T18:25:28"}], "oraclelinux": [{"id": "ELSA-2014-1859", "type": "oraclelinux", "title": "mysql55-mysql security update", "description": "[5.5.40-2]\nfilter perl(GD) from Requires (perl-gd is not available for RHEL5)\n Resolves: #1160514\n[5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160514", "published": "2014-11-17T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1859.html", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", 
"CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-4287"], "lastseen": "2016-09-04T11:17:12"}, {"id": "ELSA-2014-1861", "type": "oraclelinux", "title": "mariadb security update", "description": "[1:5.5.40-1]\n- Rebase to 5.5.40\n Also fixes: CVE-2014-4274 CVE-2014-4287 CVE-2014-6463 CVE-2014-6464\n CVE-2014-6469 CVE-2014-6484 CVE-2014-6505 CVE-2014-6507 CVE-2014-6520\n CVE-2014-6530 CVE-2014-6551 CVE-2014-6555 CVE-2014-6559 CVE-2014-6564\n Resolves: #1160548\n[1:5.5.37-1]\n- Rebase to 5.5.37\n https://kb.askmonty.org/en/mariadb-5537-changelog/\n Also fixes: CVE-2014-2440 CVE-2014-0384 CVE-2014-2432 CVE-2014-2431\n CVE-2014-2430 CVE-2014-2436 CVE-2014-2438 CVE-2014-2419\n Resolves: #1101062", "published": "2014-11-17T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1861.html", "cvelist": ["CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-2440", "CVE-2014-4260", "CVE-2014-2432", "CVE-2014-2419", "CVE-2014-4258", "CVE-2014-2436", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-2431", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-2430", "CVE-2014-4243", "CVE-2014-4207", "CVE-2014-2438", "CVE-2014-0384", "CVE-2014-4287"], "lastseen": "2016-09-04T11:16:47"}], "ubuntu": [{"id": "USN-2384-1", "type": "ubuntu", "title": "MySQL vulnerabilities", "description": "Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. 
MySQL has been updated to 5.5.40.\n\nIn addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.\n\nPlease see the following for more information: <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-39.html> <http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html> <http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html>", "published": "2014-10-15T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2384-1/", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2018-03-29T18:19:04"}], "f5": [{"id": "F5:K15725", "type": "f5", "title": "Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Vulnerable component or feature \n---|---|---|--- \nBIG-IP LTM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP AAM| None| 11.4.0 - 11.6.0| None \nBIG-IP AFM| None| 11.3.0 - 11.6.0| None \nBIG-IP Analytics| None| 11.0.0 - 11.6.0| None \nBIG-IP APM| None| 11.0.0 - 11.6.0 \n10.1.0 - 10.2.4| None \nBIG-IP ASM| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP Edge Gateway| None| 11.0.0 - 11.3.0 \n10.1.0 - 10.2.4| None \nBIG-IP GTM| None| 11.0.0 - 11.6.0 
\n10.0.0 - 10.2.4| None \nBIG-IP Link Controller| None| 11.0.0 - 11.6.0 \n10.0.0 - 10.2.4| None \nBIG-IP PEM| None| 11.3.0 - 11.6.0| None \nBIG-IP PSM| None| 11.0.0 - 11.4.1 \n10.0.0 - 10.2.4| None \nBIG-IP WebAccelerator| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nBIG-IP WOM| None| 11.0.0 - 11.3.0 \n10.0.0 - 10.2.4| None \nARX| None| 6.1.1 - 6.4.0 \n5.0.0 - 5.3.1| None \nEnterprise Manager| None| 3.0.0 - 3.1.1 \n2.1.0 - 2.3.0| None \nFirePass| None| 7.0.0 \n6.0.0 - 6.1.0| None \nBIG-IQ Cloud| None| 4.0.0 - 4.4.0| None \nBIG-IQ Device| None| 4.2.0 - 4.4.0| None \nBIG-IQ Security| None| 4.0.0 - 4.4.0| None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K15461>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2014-10-23T23:30:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K15725", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2017-06-08T00:16:09"}, {"id": "SOL15725", "type": "f5", "title": "SOL15725 - Multiple 5.5.x and 5.6.x MySQL vulnerabilities", "description": "Vulnerability Recommended Actions\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: 
Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2014-10-23T00:00:00", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/15000/700/sol15725.html", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-6484", "CVE-2014-6507", "CVE-2014-6469", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-6478", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494"], "lastseen": "2016-11-09T00:09:39"}], "suse": [{"id": "OPENSUSE-SU-2015:1216-1", "type": "suse", "title": "Security update for MariaDB (important)", "description": "MariaDB was updated to its current minor version, fixing bugs and security\n issues.\n\n These updates include a fix for Logjam (CVE-2015-4000), making MariaDB\n work with client software that no longer allows short DH groups over SSL,\n as e.g.\n our current openssl packages.\n\n On openSUSE 13.1, MariaDB was updated to 5.5.44.\n\n On openSUSE 13.2, MariaDB was updated from 10.0.13 to 10.0.20.\n\n Please read the release notes of MariaDB\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10020-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10019-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10018-release-notes/</a>\n <a rel=\"nofollow\" 
href=\"https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10017-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10016-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10015-release-notes/</a>\n <a rel=\"nofollow\" href=\"https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/\">https://mariadb.com/kb/en/mariadb/mariadb-10014-release-notes/</a> for more\n information.\n\n", "published": "2015-07-09T17:08:05", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00020.html", "cvelist": ["CVE-2015-4000", "CVE-2014-6500", "CVE-2015-2325", "CVE-2015-2568", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0501", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2015-2571", "CVE-2014-6559", "CVE-2014-8964", "CVE-2014-6464", "CVE-2015-3152", "CVE-2015-0382", "CVE-2015-0374", "CVE-2014-6491", "CVE-2015-0499", "CVE-2015-0433", "CVE-2015-0441", "CVE-2014-6568", "CVE-2015-0505", "CVE-2015-2573", "CVE-2014-6494", "CVE-2015-2326", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2016-09-04T11:56:36"}, {"id": "SUSE-SU-2015:0620-1", "type": "suse", "title": "Security update for MySQL (important)", "description": "The MySQL database server was updated to 5.5.42, fixing various bugs and\n security issues.\n\n More information can be found on:\n\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-42.html</a>>\n * <a 
rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-41.html</a>>\n * <a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>\n <<a rel=\"nofollow\" href=\"http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html\">http://dev.mysql.com/doc/relnotes/mysql/5.5/en/news-5-5-40.html</a>>\n\n Also various issues with the mysql start script were fixed.\n (bsc#868673,bsc#878779)\n\n Security Issues:\n\n * CVE-2015-0411\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0411</a>>\n * CVE-2015-0382\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0382</a>>\n * CVE-2015-0381\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0381</a>>\n * CVE-2015-0391\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0391</a>>\n * CVE-2015-0432\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0432</a>>\n * CVE-2015-0409\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0409</a>>\n * CVE-2014-6568\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6568</a>>\n * 
CVE-2015-0385\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0385</a>>\n * CVE-2015-0374\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0374</a>>\n * CVE-2012-5615\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5615</a>>\n * CVE-2014-0224\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0224</a>>\n * CVE-2014-4274\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4274</a>>\n * CVE-2014-4287\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4287</a>>\n * CVE-2014-6463\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6463</a>>\n * CVE-2014-6464\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6464</a>>\n * CVE-2014-6469\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6469</a>>\n * CVE-2014-6474\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6474</a>>\n * CVE-2014-6478\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6478</a>>\n * CVE-2014-6484\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6484</a>>\n * CVE-2014-6489\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6489</a>>\n * CVE-2014-6491\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6491</a>>\n * CVE-2014-6494\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6494</a>>\n * CVE-2014-6495\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6495</a>>\n * CVE-2014-6496\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6496</a>>\n * CVE-2014-6500\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6500</a>>\n * CVE-2014-6505\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6505</a>>\n * CVE-2014-6507\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6507</a>>\n * CVE-2014-6520\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6520</a>>\n * CVE-2014-6530\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6530</a>>\n * CVE-2014-6551\n <<a rel=\"nofollow\" 
href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6551</a>>\n * CVE-2014-6555\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6555</a>>\n * CVE-2014-6559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6559</a>>\n * CVE-2014-6564\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6564</a>>\n\n", "published": "2015-03-28T01:04:56", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00033.html", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2015-0385", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2015-0382", "CVE-2014-6478", "CVE-2015-0374", "CVE-2015-0409", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2016-09-04T12:33:54"}, {"id": "SUSE-SU-2015:0743-1", "type": "suse", "title": "Security update for mariadb (important)", "description": "mariadb was updated to version 10.0.16 to fix 40 security issues.\n\n These security issues were fixed:\n - CVE-2015-0411: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote attackers to affect\n confidentiality, integrity, and availability via unknown vectors related\n to Server : Security : Encryption (bnc#915911).\n - 
CVE-2015-0382: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0381 (bnc#915911).\n - CVE-2015-0381: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote attackers to affect\n availability via unknown vectors related to Server : Replication, a\n different vulnerability than CVE-2015-0382 (bnc#915911).\n - CVE-2015-0432: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier allowed remote authenticated users to affect availability\n via vectors related to Server : InnoDB : DDL : Foreign Key (bnc#915911).\n - CVE-2014-6568: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier, and 5.6.21 and earlier, allowed remote authenticated users\n to affect availability via vectors related to Server : InnoDB : DML\n (bnc#915911).\n - CVE-2015-0374: Unspecified vulnerability in Oracle MySQL Server 5.5.40\n and earlier and 5.6.21 and earlier allowed remote authenticated users to\n affect confidentiality via unknown vectors related to Server : Security\n : Privileges : Foreign Key (bnc#915911).\n - CVE-2014-6507: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to SERVER:DML (bnc#915912).\n - CVE-2014-6491: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote attackers to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500\n (bnc#915912).\n - CVE-2014-6500: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality, 
integrity, and availability via vectors related to\n SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491\n (bnc#915912).\n - CVE-2014-6469: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:OPTIMIZER (bnc#915912).\n - CVE-2014-6555: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect confidentiality, integrity, and availability via vectors related\n to SERVER:DML (bnc#915912).\n - CVE-2014-6559: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n confidentiality via vectors related to C API SSL CERTIFICATE HANDLING\n (bnc#915912).\n - CVE-2014-6494: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6496 (bnc#915912).\n - CVE-2014-6496: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier, and 5.6.20 and earlier, allowed remote attackers to affect\n availability via vectors related to CLIENT:SSL:yaSSL, a different\n vulnerability than CVE-2014-6494 (bnc#915912).\n - CVE-2014-6464: Unspecified vulnerability in Oracle MySQL Server 5.5.39\n and earlier and 5.6.20 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:INNODB DML FOREIGN\n KEYS (bnc#915912).\n - CVE-2010-5298: Race condition in the ssl3_read_bytes function in\n s3_pkt.c in OpenSSL through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is\n enabled, allowed remote attackers to inject data across sessions or\n cause a denial of service (use-after-free and parsing error) via an SSL\n connection in a multithreaded environment (bnc#873351).\n - CVE-2014-0195: The 
dtls1_reassemble_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h did\n not properly validate fragment lengths in DTLS ClientHello messages,\n which allowed remote attackers to execute arbitrary code or cause a\n denial of service (buffer overflow and application crash) via a long\n non-initial fragment (bnc#880891).\n - CVE-2014-0198: The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x\n through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, did not\n properly manage a buffer pointer during certain recursive calls, which\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and application crash) via vectors that trigger an alert\n condition (bnc#876282).\n - CVE-2014-0221: The dtls1_get_message_fragment function in d1_both.c in\n OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h\n allowed remote attackers to cause a denial of service (recursion and\n client crash) via a DTLS hello message in an invalid DTLS handshake\n (bnc#915913).\n - CVE-2014-0224: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1\n before 1.0.1h did not properly restrict processing of ChangeCipherSpec\n messages, which allowed man-in-the-middle attackers to trigger use of a\n zero-length master key in certain OpenSSL-to-OpenSSL communications, and\n consequently hijack sessions or obtain sensitive information, via a\n crafted TLS handshake, aka the "CCS Injection" vulnerability\n (bnc#915913).\n - CVE-2014-3470: The ssl3_send_client_key_exchange function in s3_clnt.c\n in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h,\n when an anonymous ECDH cipher suite is used, allowed remote attackers to\n cause a denial of service (NULL pointer dereference and client crash) by\n triggering a NULL certificate value (bnc#915913).\n - CVE-2014-6474: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect 
availability\n via vectors related to SERVER:MEMCACHED (bnc#915913).\n - CVE-2014-6489: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect integrity and\n availability via vectors related to SERVER:SP (bnc#915913).\n - CVE-2014-6564: Unspecified vulnerability in Oracle MySQL Server 5.6.19\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:INNODB FULLTEXT SEARCH DML (bnc#915913).\n - CVE-2012-5615: Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and\n MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions,\n generates different error messages with different time delays depending\n on whether a user name exists, which allowed remote attackers to\n enumerate valid usernames (bnc#915913).\n - CVE-2014-4274: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality, integrity, and availability via vectors related to\n SERVER:MyISAM (bnc#896400).\n - CVE-2014-4287: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:CHARACTER SETS\n (bnc#915913).\n - CVE-2014-6463: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed remote authenticated users to\n affect availability via vectors related to SERVER:REPLICATION ROW FORMAT\n BINARY LOG DML (bnc#915913).\n - CVE-2014-6478: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n integrity via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6484: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:DML (bnc#915913).\n 
- CVE-2014-6495: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote attackers to affect\n availability via vectors related to SERVER:SSL:yaSSL (bnc#915913).\n - CVE-2014-6505: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to SERVER:MEMORY STORAGE\n ENGINE (bnc#915913).\n - CVE-2014-6520: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier allowed remote authenticated users to affect availability\n via vectors related to SERVER:DDL (bnc#915913).\n - CVE-2014-6530: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect confidentiality, integrity, and availability via vectors\n related to CLIENT:MYSQLDUMP (bnc#915913).\n - CVE-2014-6551: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier and 5.6.19 and earlier allowed local users to affect\n confidentiality via vectors related to CLIENT:MYSQLADMIN (bnc#915913).\n - CVE-2015-0391: Unspecified vulnerability in Oracle MySQL Server 5.5.38\n and earlier, and 5.6.19 and earlier, allowed remote authenticated users\n to affect availability via vectors related to DDL (bnc#915913).\n - CVE-2014-4258: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allowed remote\n authenticated users to affect confidentiality, integrity, and\n availability via vectors related to SRINFOSC (bnc#915914).\n - CVE-2014-4260: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allowed\n remote authenticated users to affect integrity and availability via\n vectors related to SRCHAR (bnc#915914).\n - CVE-2014-2494: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed 
remote authenticated users to\n affect availability via vectors related to ENARC (bnc#915914).\n - CVE-2014-4207: Unspecified vulnerability in the MySQL Server component\n in Oracle MySQL 5.5.37 and earlier allowed remote authenticated users to\n affect availability via vectors related to SROPTZR (bnc#915914).\n\n These non-security issues were fixed:\n - Get query produced incorrect results in MariaDB 10.0.11 vs MySQL 5.5 -\n SLES12 (bnc#906194).\n - After update to version 10.0.14 mariadb did not start - Job for\n mysql.service failed (bnc#911442).\n - Fix crash when disk full situation is reached on alter table\n (bnc#904627).\n - Allow md5 in FIPS mode (bnc#911556).\n - Fixed a situation when bit and hex string literals unintentionally\n changed column names (bnc#919229).\n\n Release notes: <a rel=\"nofollow\" href=\"https://kb.askmonty.org/en/mariadb-10016-release-notes/\">https://kb.askmonty.org/en/mariadb-10016-release-notes/</a>\n\n", "published": "2015-04-21T19:05:04", "cvss": {"score": 8.0, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html", "cvelist": ["CVE-2014-6495", "CVE-2014-6500", "CVE-2014-6564", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-6463", "CVE-2014-4260", "CVE-2014-4258", "CVE-2014-0224", "CVE-2014-6484", "CVE-2015-0391", "CVE-2014-6507", "CVE-2014-6469", "CVE-2015-0432", "CVE-2014-6496", "CVE-2014-6555", "CVE-2014-2494", "CVE-2014-3470", "CVE-2014-6559", "CVE-2014-4274", "CVE-2014-6464", "CVE-2014-6520", "CVE-2014-6551", "CVE-2010-5298", "CVE-2015-0382", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-6478", "CVE-2015-0374", "CVE-2014-6491", "CVE-2012-5615", "CVE-2014-6568", "CVE-2014-4207", "CVE-2014-6474", "CVE-2014-6489", "CVE-2014-4287", "CVE-2014-6494", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381"], "lastseen": "2016-09-04T12:23:04"}], "oracle": [{"id": "ORACLE:CPUOCT2014-1972960", "type": "oracle", "title": "Oracle 
Critical Patch Update - October 2014", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nOracle acknowledges Dana Taylor of netinfiltration.com for bringing to Oracle's attention a number of sites that were vulnerable to disclosure of sensitive information because Oracle CPU fixes were not applied to those sites for more than a year.\n\nThis Critical Patch Update contains 154 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\nPlease note that on September 26, 2014, Oracle released a [Security Alert for CVE-2014-7169 \"Bash\"](<http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html>) and other publicly disclosed vulnerabilities affecting GNU Bash. 
Customers of affected Oracle products are strongly advised to apply the fixes that were announced in the Security Alert for CVE-2014-7169.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n", "published": "2014-10-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2014-6495", "CVE-2014-6506", "CVE-2014-6500", "CVE-2014-2478", "CVE-2014-6564", "CVE-2014-6482", "CVE-2014-6536", "CVE-2014-6544", "CVE-2014-6558", "CVE-2014-6516", "CVE-2014-6560", "CVE-2014-6530", "CVE-2014-6505", "CVE-2014-4301", "CVE-2014-6463", "CVE-2014-6515", "CVE-2014-6460", "CVE-2014-6554", "CVE-2014-6539", "CVE-2014-4292", "CVE-2014-6487", "CVE-2014-6538", "CVE-2014-6493", "CVE-2014-4280", "CVE-2014-6488", "CVE-2014-4282", "CVE-2014-6519", "CVE-2014-2472", "CVE-2014-6466", "CVE-2014-6517", "CVE-2014-6471", "CVE-2014-6501", "CVE-2014-6504", "CVE-2014-6534", "CVE-2014-6455", "CVE-2014-6459", "CVE-2014-6502", "CVE-2014-7169", "CVE-2013-5605", "CVE-2014-6472", "CVE-2014-0224", "CVE-2014-6492", "CVE-2014-6457", "CVE-2014-4284", "CVE-2014-6484", "CVE-2014-6476", "CVE-2014-6479", "CVE-2014-6535", "CVE-2014-6507", "CVE-2014-6503", "CVE-2014-6490", "CVE-2014-6557", "CVE-2014-6542", "CVE-2014-6454", "CVE-2014-4295", "CVE-2014-4291", "CVE-2014-6469", "CVE-2014-4278", "CVE-2014-6537", "CVE-2014-6486", "CVE-2014-6496", "CVE-2013-1741", "CVE-2014-6555", "CVE-2014-2476", "CVE-2014-6529", "CVE-2014-6562", "CVE-2013-1740", "CVE-2014-4293", "CVE-2014-6511", "CVE-2014-3470", "CVE-2013-1739", "CVE-2014-6475", "CVE-2014-6485", "CVE-2014-6559", "CVE-2014-6470", "CVE-2014-4274", "CVE-2014-4294", "CVE-2014-6531", "CVE-2014-0119", "CVE-2014-1492", "CVE-2014-6456", "CVE-2014-6547", 
"CVE-2014-2880", "CVE-2013-5606", "CVE-2014-0114", "CVE-2014-4310", "CVE-2014-6543", "CVE-2014-6464", "CVE-2014-6468", "CVE-2014-4297", "CVE-2013-4322", "CVE-2014-0050", "CVE-2014-6520", "CVE-2014-6551", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2014-6458", "CVE-2014-6532", "CVE-2014-6533", "CVE-2014-4276", "CVE-2014-4277", "CVE-2014-4288", "CVE-2014-6550", "CVE-2014-0195", "CVE-2014-4296", "CVE-2014-0198", "CVE-2013-4590", "CVE-2014-4290", "CVE-2014-6478", "CVE-2014-6553", "CVE-2014-6483", "CVE-2014-6473", "CVE-2014-0096", "CVE-2014-2475", "CVE-2014-4300", "CVE-2014-0075", "CVE-2014-6546", "CVE-2014-6465", "CVE-2014-4299", "CVE-2014-6491", "CVE-2014-6508", "CVE-2014-4289", "CVE-2014-6453", "CVE-2014-2473", "CVE-2014-4285", "CVE-2014-6522", "CVE-2014-0033", "CVE-2012-5615", "CVE-2014-6467", "CVE-2014-6523", "CVE-2014-6452", "CVE-2014-0095", "CVE-2014-6513", "CVE-2014-6474", "CVE-2014-1491", "CVE-2014-6489", "CVE-2014-2474", "CVE-2014-6563", "CVE-2014-6545", "CVE-2014-4281", "CVE-2014-4275", "CVE-2014-4287", "CVE-2014-6477", "CVE-2014-6552", "CVE-2014-6540", "CVE-2014-6494", "CVE-2014-6461", "CVE-2014-4283", "CVE-2014-6527", "CVE-2014-6462", "CVE-2014-6561", "CVE-2014-4298", "CVE-2014-6499", "CVE-2014-6512", "CVE-2014-0221", "CVE-2014-6498", "CVE-2014-6497"], "lastseen": "2018-04-18T20:23:49"}]}}